https://community.isc2.org/t5/Industry-News/Certificate-Lifecycle-is-a-shorter-lifespan-better/m-p/27121#M3391 <P>Good topic and opinions, I completely agree.&nbsp; I think an annual certificate upgrade is a reasonable for any organization.&nbsp; &nbsp;Good security is not easy or cheap.</P> Tue, 20 Aug 2019 19:07:26 GMT apbanohit 2019-08-20T19:07:26Z https://community.isc2.org/t5/Industry-News/Certificate-Lifecycle-is-a-shorter-lifespan-better/m-p/27119#M3390 <P>I've always been a proponent for tight cert expiration dates. I really don't like anything much over a year and more like 6 months.&nbsp; Because many certs can be reissued auto-magically I don't sweat the shorter time spans.&nbsp; Yes, PKI certs are tad different story but again, why issue a cert for 3 to 5 years when most employees only last 1.23745 years?</P><P>&nbsp;</P><P>Recently the standards body for browsers proposed a <A href="https://www.infosecurity-magazine.com/news/certificate-giant-slams-plan-short/" target="_blank" rel="noopener">change</A>.&nbsp; A big CA house did not like the new proposal. Personally, I think their reasons for keeping it longer are lame. I'm curious as to what your thoughts are.</P> Tue, 20 Aug 2019 17:56:20 GMT https://community.isc2.org/t5/Industry-News/Certificate-Lifecycle-is-a-shorter-lifespan-better/m-p/27119#M3390 Flyslinger2 2019-08-20T17:56:20Z https://community.isc2.org/t5/Industry-News/Certificate-Lifecycle-is-a-shorter-lifespan-better/m-p/27121#M3391 <P>Good topic and opinions, I completely agree.&nbsp; I think an annual certificate upgrade is a reasonable for any organization.&nbsp; &nbsp;Good security is not easy or cheap.</P> Tue, 20 Aug 2019 19:07:26 GMT https://community.isc2.org/t5/Industry-News/Certificate-Lifecycle-is-a-shorter-lifespan-better/m-p/27121#M3391 apbanohit 2019-08-20T19:07:26Z